Need quick help with ActiveSync/Autodiscover

Having some issues after changing my MX record to point to my new Exchange 2010 server.  All users are still on the old 2003 server.  I believe the issues, which are ActiveSync and Autodiscover related, all stem from external DNS.  Hopefully someone can help me here.  When I use the Microsoft Exchange Server Remote Connectivity Analyzer, ActiveSync and Autodiscover fail.  Right now, I have my MX record still pointing to my 2003 server until I can get this resolved.

Using a Microsoft document, I had my ISP create an SRV record for autodiscover for my domain.  No A record, just the SRV record.  At this stage, the test totally fails because it can't find an A record (was told to delete that).

I also see that when I DID have an A record for autodiscover, it ended up looking at our public website (hosted) for autodiscover, which it couldn't find, and it also was looking at the web host's certificate....

I'm assuming this is because our domain name "" was included on my UCC certificate, and is also our external DNS name....

This issue is not directly related to your UCC certificate.

I suppose that your DNS configuration is not correct, as autodiscover points to your WWW provider.
Often this is caused when no explicit autodiscover A record is set and you have a wildcard DNS entry for your domain (* pointing to your webserver).

Just create an A record for autodiscover.<> and point it to your new Exchange 2010 Server. Also point another A record, e.g. owa.<>, to the Exchange 2010 Server.

In ESM, check under CAS that the settings for internal / external URLs are correct.

And here, the certificate is important. For the configuration above, your certificate must contain the internal names (you can see them in the self-signed cert from installation), and additionally autodiscover.<> and owa.<>

Now, if you create a test mailbox on E2010 server, Microsoft Exchange Server Remote Connectivity Analyzer should find no errors.
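
An added example (not part of the answer above and not a Microsoft tool): a Python check over a constructed DNS zone and certificate SAN lists, showing how a wildcard record sends the autodiscover name to the web host and what the report looks like once explicit A records exist. The domain example.com, the addresses, the SAN lists and the function names are assumptions made for the illustration.

```python
# Added example; the domain, addresses and SAN lists are constructed sample data.

def san_covers(host, sans):
    """True if host matches a SAN; a '*.' SAN matches exactly one left-most label."""
    host = host.lower()
    parent = host.partition(".")[2]
    return any(s.lower() == host or (s.startswith("*.") and s[2:].lower() == parent)
               for s in sans)

def resolve(zone, host):
    """A-record lookup in the sample zone; a wildcard entry answers for missing names."""
    if host in zone:
        return zone[host], "explicit"
    wild = "*." + host.partition(".")[2]
    return (zone[wild], "wildcard") if wild in zone else (None, "missing")

def check_names(domain, zone, exchange_ip, certs, services=("autodiscover", "owa")):
    """Report where the root domain and each service name land, and whether the
    certificate served at that address covers the name (certs: IP -> SAN list)."""
    report = {}
    for host in [domain] + [f"{s}.{domain}" for s in services]:
        ip, how = resolve(zone, host)
        if ip is None:
            report[host] = "no A record"
        elif ip != exchange_ip:
            report[host] = f"{how} record -> {ip} (not Exchange)"
        elif not san_covers(host, certs.get(ip, [])):
            report[host] = "reaches Exchange, certificate lacks this name"
        else:
            report[host] = "ok"
    return report

WEB, EXCH = "203.0.113.10", "198.51.100.5"  # documentation-range addresses
CERTS = {WEB: ["www.webhost.example"],
         EXCH: ["mail.example.com", "autodiscover.example.com", "owa.example.com"]}
# Zone with only the website and a wildcard, then with the explicit records added.
BROKEN = {"example.com": WEB, "www.example.com": WEB, "*.example.com": WEB}
FIXED = dict(BROKEN, **{"autodiscover.example.com": EXCH, "owa.example.com": EXCH})

if __name__ == "__main__":
    for label, zone in (("broken", BROKEN), ("fixed", FIXED)):
        print(label)
        for host, status in check_names("example.com", zone, EXCH, CERTS).items():
            print(f"  {host}: {status}")
```

The root domain still reports "not Exchange" in the fixed zone; that is expected when the website is hosted elsewhere, and only the service names need to reach the Exchange server with a certificate that lists them.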

tenoverAuthor Commented:
-Just had the external A record added for

-There is no wildcard entry pointing to my webserver currently, only a "www" A record.

-I already have an external entry for "" in DNS.

-In ESM, the settings appear correct for the 2010 server.

The problem is with all the users who currently exist on the Exchange 2003 server.  If they go to OWA, they get the new 2010 login page, and when they type in their credentials, it does not redirect them to the legacy page.  This works like a charm internally.

The same users are immediately prompted for Exchange passwords on their iPhone.

I can recreate this issue at any time by simply changing my NAT policy to point to the 2010 server instead of the 2003 server.  

Because of the analyzer results, and the (non)redirect to, I was sure it had to do with either permissions somewhere or the certificate.
tenoverAuthor Commented:
Just confirmed that this is definitely why autodiscover is not mail server is called "" and is hosted on our LAN behind our firewall.  I have a NAT policy for it.

Our internal and external domain names are the same, so for some reason when the autodiscover test happens, it immediately looks at the root domain "" which goes to the company that hosts our www site.

How can I fix this?  Do I need to modify my certificate?  Something I can do via external DNS??

This is really holding me back from moving forward.

tenoverAuthor Commented:
Actually, I can get by without Autodiscover until later.....My main problem is that ActiveSync is not working and OWA is redirecting users to a blank page.
tenoverAuthor Commented:
Just switched over to the new 2010 server to test.  The one user I've moved over to 2010 can then login to OWA and use AutoDiscover to configure an Activesync mobile client with no issues.

ANY and ALL existing 2003 users do not get directed to the old server, either through OWA or (it appears) through Activesync...

I'm still thinking permission/authentication issue between the two servers, but am not sure how to test/verify....

Your external A record should point to your internet IP, the right ports (80, 443) should be forwarded to your OWA server and the certificate should be loaded in IIS and valid for your OWA URL.
As you are getting a blank page you should verify the connection in the IIS log and probably need to reconfig IIS.
tenoverAuthor Commented:
I figured this one out.  My bad.  NAT policy for legacy was incorrect.  Working on ActiveSync issues now.....As soon as I flip the switch to point to the new 2010 server, all mobile users can't sync.  Uggh.